Posted by samzenpus on Friday October 21, 2011 @07:07AM from the plugging-the-holes dept.

Hugh Pickens writes "Eli Lake reports that the U.S.'s 16 intelligence agencies are using a program called SureView that makes it easier to spy on the spies and catch whistleblowers early in the act. SureView is a type of auditing software that specializes in 'behavior-based internal monitoring' that monitors the intelligence officer's computer activity. If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that a leak might be imminent, it is checkmate: the agent is thwarted. 'Had SureView been on Bradley Manning's machine, no one would know who Bradley Manning is today,' says Ryan Szedelo, manager for Raytheon's SureView software. The intelligence community has had auditing software for years. SureView came on the market in 2002. But the programs were buggy and often prone to false positives, alerting a network administrator too often to routine behavior. 'The technology has gotten substantially better in the last year,' says Jeffrey Harris, a former head of the National Reconnaissance Office. 'The problem with audit files was it took an army of people to understand them. Now we have rule-driven systems and expert systems that help us reason through the data.'"

For example, Harrisburg was just placed under the control of a person appointed by the Governor. Powers include being able to sign the city to contracts and sell what he/she chooses.

The idea of a governor declaring they can pick a person to be a dictator to our state capital seems bad to me. My relatives of his party see it as a good and needed thing to fight the corruption there.

the analyst might push a button and watch a screen video of the officer's last hour of work

Hmmm, so it would need 'cleverness' like a closed shell window:

$ sleep 3600 ; cp /path/to/secret.file /mnt/thumbdrive

Then wait half an hour, insert your thumbdrive to be mounted to the proper location; open a completely harmless (but non-work) document from it, say an invitation to a garden party, and print it, all the while leaving the thumbdrive mounted, so that the sleep job can write the document in the background at some point in the next hour...

My first thought was that most government workstations don't run Linux, but the second and more pertinent one is that any software agent like this (I assume it is at least partially client-side) is easily bypassed with a simple Linux live CD/DVD. Boot to that and you're done. Granted that will violate your usage policy, but if you're leaking you probably don't care too much about that.

Bradley Manning's life (for one) has been destroyed by his naivete in his participation in this activity. You cannot think that he really got into all of this with his eyes open.

Had this security system been in place, Manning would have probably done a couple of years in military prison (for attempt, and for stupidity) and then been booted to civilian life. Because it was not, he will spend decades in the worst conditions allowed by military law.

Manning knew the consequences of leaking classified information. They make it very clear to you when you get access. It's not just a form you sign, but an hour long meeting where they go into explicit details about duties, responsibilities, and consequences. They then repeat this training on an annual basis. He may have believed he wouldn't get caught, but he had no reason to not know the seriousness of what getting caught would mean.

Um.... Yes, I believe that people who get high security clearance have to go to meetings about it. I suspect a lot of other people do too. You seem to be confusing what parent said with "Bradley Manning was bad and shouldn't have leaked". From what I can tell parent said nothing of the sort, just that Manning knew what he was getting into. I too believe he knew what he was getting into. I hold no opinion on whether it was right or not.

Exposing military misconduct is obviously moral behavior. A system that punishes moral behavior is immoral. It doesn't matter whether he knew there would be consequences. It's the consequences that are the problem.

Exposing military misconduct is obviously moral behavior. A system that punishes moral behavior is immoral. It doesn't matter whether he knew there would be consequences. It's the consequences that are the problem.

Behavior that I disagree with, which makes me uncomfortable, or that I don't like is not necessarily (or even probably) misconduct. But even if it was...

Doing 'whatever I want' with information that I do not own after agreeing not to do so is not a moral act. Stealing information is not a moral act. Imposing my discomfort or dislikes on you; making you conform to my personal likes; is not a moral act. Trying to avoid responsibility for committing an immoral act... is not a moral act. Committing immor

Killing anyone - probably - is not a moral act. I propose that self-righteous journalists may be the exception that proves the rule. I am certain that anyone who actually calls themselves a "journalist" deserves no protection, sympathy, or remorse.

That said... I am aware of a video that seems to show individuals killed by a helicopter. The one or more of the individuals were probably journalists but may have looked like something else from the air (Press passes are hard to read from 1500 ft in a war z

I read the rather more sinister implication into the statement that he would have been permanently "disappeared".

When it comes to leaks, it's all a matter of perspective, one that Yes Minister got down pat: "That's another of those irregular verbs, isn't it? I give confidential press briefings; you leak; he's being charged under section 2A of the Official Secrets Act."

And there you have it: the North Koreans represent such a definitive imminent high-level threat that we must be prepared to destroy the earth to stop them!!! By the way, where is this 'North Korea' that you speak of?

From a security perspective, yes it is a good thing. But at the same time the level of secrecy and classification has become absurd. It is undermining our democracy because the citizenry cannot find out some basic stuff that their government is doing. It is (or should be) common knowledge that the three letter agencies (and a bunch you've never heard of) spy on Americans on an ongoing basis. We can't find out just what they are doing because it is classified, and if we try to sue we have no standing because we can't prove we were spied upon because it's classified. That is absurd and Kafkaesque. These days leakers are the only way we find out about the shenanigans our agencies pull.

On a side note, "senior White House officials speaking on the condition of anonymity" leak classified material all the time. But they are never prosecuted. I wonder why.

"It is (or should be) common knowledge that the three letter agencies (and a bunch you've never heard of) spy on Americans on an ongoing basis."
So you are saying all this spying is common knowledge, but your next statement proclaims "We can't find out just what they are doing because it is classified"; well then how in the hell did it become common knowledge? Are you just making shit up to support your own paranoid fantasies? You reinforce this pattern further by stating "we can't prove we were spied upo

Evidently you never visited E. Germany before the wall came down or spent any time in Iran, Yemen, Syria, N. Korea, or any similar countries recently. Data mining is used by everyone, not just the government. The most dangerous online groups are criminals looking to collect credit card and other information they can use in a criminal enterprise. Most of the people complaining today about privacy issues are the same morons posting their life history on Facebook. If you choose to participate in today's online

The government has always had the means to collect information on its citizens. Tax returns, real estate records, banking records, school registration records, public utility bills, telephone books, drivers' licenses, and other information have always been available; it just took longer to get. Just like the limits and caveats included in the Freedom of Speech or Assembly, the right to Privacy does not translate to the right of total anonymity.

Please respond with your full name, address, date of birth, SSN, bank details and credit and debit card details, a summary of your medical conditions, the themes of your last five masturbatory fantasies, and what you had for breakfast.

Please respond with your full name, address, date of birth, SSN, bank details and credit and debit card details, a summary of your medical conditions, the themes of your last five masturbatory fantasies, and what you had for breakfast.

Do you understand things that are done individually and things that are done as a group?

Government/economy is what we do as a group. My name, address, etc are what I do individually.

Maybe if we didn't have so many secrets in the first we wouldn't need so many in the second.

The problem is that the system is only as good as the ruleset and detection; it's the same theory behind antivirus. If you have a zero-day exploit that acts differently it's going to get through, and if you have someone that figures out a different way to capture data then the leak will happen. Can the software detect someone taking a picture of a document on the screen with their camera? Can it detect getting booted from an OS CD? Can it stop a person from telling someone what they read? This is just more

Yeah, but far from all people who leak data can be assumed to have technical competence. Mounting a forensics dist and just reading the data off a laptop's drive is easy, but not for everyone. Also, connecting to stuff on the company intranet (by stealing the VPN key off the drive and logging in via another computer or live CD) would be mighty suspicious? And any attack where you (say) connect to the presumed VPN with a computer placed in front of the monitored one, letting it transparently forward the "legi

Given a juicy chunk of data, a smart guy with a few software tricks will dig that info out. The power of the internet is it only takes ONE smart guy, (or gal!) and then the results are rebroadcast in sound bite form.

Or, you could stop committing and covering up crimes and routinely classify any and all information regardless if it's needed or not. Then nobody would feel the need to leak the things that are rightfully secret.

Or, you could stop committing and covering up crimes and routinely classify any and all information regardless if it's needed or not.

What he said x 1000. Why on earth do we need to redact 80% of what gets 'declassified' in 50-year-old documents and re-classify the rest? Whoever's dirty laundry this is is long since gone, but clearly your tax dollars are hard at work... [gwu.edu]

"Washington, D.C., February 21, 2006 - The CIA and other federal agencies have secretly reclassified over 55,000 pages of records taken

"These acts are evil, we won't do them": At least then we'd have a hope of reacting appropriately.

News of horrors coming out of the U.S. comes out every day and heads never seem to roll. Your country looks more and more like a fascism every day with bread and circuses fueling a bizarre patriotism that sees everyone else as inferior and less free. Even though the U.S. comes in at the lowest end of every statistic on overall quality of life (in the developed w

George Washington and the other Founders were not employees of the British government at the time of the Revolution, so this particular technology would have had no impact on them whatsoever if it was in the hands of George III.

Yes, but since they were not employees of the crown, they would not have been working on computers with this technology. I did not read the article, but from the summary (and my understanding of such software) putting this software on private computers would yield way too many false positives.

Oh, the jobs people work at!
Out west, near Hawtch-Hawtch,
there's a Hawtch-Hawtcher Bee-Watcher.
His job is to watch...
is to keep both his eyes on the lazy town bee.
A bee that is watched will work harder, you see.

Well... he watched and he watched.
But, in spite of his watch,
that bee didn't work any harder. Not Mawtch.

So somebody said,
"Our old-bee-watching man
just isn't bee-watching as hard as he can.
He ought to be watched by another Hawtch-Hawtcher!
The thing that we need
is a Bee-Watcher-Watcher!"

WELL...

The Bee-Watcher-Watcher watched the Bee-Watcher.
He didn't watch well. So another Hawtch-Hawtcher
had to come in as a Watch-Watcher-Watcher!
And today all the Hawtchers who live in Hawtch-Hawtch
are watching on Watch-Watcher-Watchering-Watch,
Watch-Watching the Watcher who's watching the bee.
You're not a Hawtch-Watcher. You're lucky, you see!

If a worker acts like a potential human, sending a personal email, visiting an unregistered website or trying to conduct union activities on site, the analyst might push a button and watch a screen video of the officer's last hour of work. Once a case is made that something might be imminent, it is checkmate: the worker is thwarted.

Most of corporate America has had this for about 10 years. I found out my old boss was using similar software to spy on us one day when he called me into his office with screen shots from my computer showing me looking at a tech news site and asking why I wasn't working for those 5 minutes. I said, "well I am entitled to 1 hour of break time per day. I never use this break time, eat lunch while working and answering the phone to be more efficient, so I figured 5 minutes of looking at a job-related news webs

I work at a major hospital. Remote software commonly used for remote troubleshooting fires off quite regularly. I expect every workstation in the place has screen-shots taken. It's not an hour of video, but probably because that would be too expensive.

You know, all that war, killing and hiding the truth could just end. Nah.

I think the problem here is that other countries intend to continue with the dirty deeds. If we intend to fight back (i.e. the CIA), our activities must remain secret, simply because most Americans cannot handle the cognitive dissonance of "there are no good guys, not even us".

If the officer acts like a potential leaker, sending an encrypted email or using an unregistered thumb drive, the analyst might push a button and watch a screen video of the officer's last hour of work.

So, then, the analyst becomes the leaker. (Or the spy that a 3rd party hires)

A more likely scenario is that the "officer" (who is an analyst himself) plays it safe, and doesn't gather enough intel together to actually figure out what the real bad guys are doing.

Summary is actually about stopping leaks and the latter existed long before Assange's website. Inasmuch I am glad Manning's load became public, but for a security agency any leak-preventing policy seems a reasonable and logical step.

The risk an insider takes to publicize data that is prohibited from publication by law should be compensated by society in case the activity he is publicizing is criminal (that is, breaking other laws).

Finding your leak isn't the fun part! It's arranging the "accident" afterwards! And then telling his parents, "We regret to inform you that your son has been killed in a FREAK AUTOEROTIC ASPHYXIATION accident, involving an inflatable goat, a tub of lube and an electric toaster! Here are what we could find of his remains..." (Delivers right nipple).

Here is a simpler way to trap people who leak documents, with one modified bit of data. Produce a 32-bit unique hash of the user's id and a 32-bit hash of the document. Based on the document's hash (e.g. the first char mod 32) choose and test one bit of the user's hash, and if it's set change just one character in the document, e.g. put an extra space in, or perhaps change a comma to a semicolon.

If a leak occurs do the same test for every employee with access to the document, and discard the half for whom t
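The scheme in the comment above, worked out as an added Python example that is not from the thread. Everything the comment leaves open is an assumption here: SHA-256 truncated to 32 bits stands in for the unspecified hash, the document hash mod 32 selects the tested bit (the comment suggests the first character), the one-character mark is a doubled first space, and the reader ids and memo texts are constructed sample data.

```python
"""Bit-flip watermarking to trace a leaked document back to a reader.

Constructed example (not from the thread). Each reader's copy of a document
either carries or lacks one extra space; which way it goes is one bit of a
32-bit hash of the reader's id, and the document's own hash picks the bit.
Every leaked copy therefore reveals one bit of the leaker's hash and, with
balanced hash bits, roughly halves the suspect set.
"""
import hashlib
from typing import Iterable, Optional, Set, Tuple

BITS = 32  # size of the per-user hash, as in the comment


def hash32(data: bytes) -> int:
    """32-bit value taken from SHA-256; the comment only asks for 'a 32 bit hash'."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def user_hash(user_id: str) -> int:
    return hash32(b"user:" + user_id.encode("utf-8"))


def doc_bit_index(document: str) -> int:
    """Which user-hash bit this document tests: document hash mod 32
    (assumption; the comment suggests 'first char mod 32')."""
    return hash32(b"doc:" + document.encode("utf-8")) % BITS


def user_bit(user_id: str, document: str) -> int:
    return (user_hash(user_id) >> doc_bit_index(document)) & 1


def apply_mark(document: str) -> str:
    """The one-character change: turn the first space into a double space."""
    i = document.find(" ")
    if i < 0:
        raise ValueError("document must contain a space to carry the mark")
    return document[:i] + " " + document[i:]


def personalize(document: str, user_id: str) -> str:
    """The copy handed to user_id: marked only if their selected hash bit is 1."""
    return apply_mark(document) if user_bit(user_id, document) else document


def observed_bit(original: str, leaked: str) -> Optional[int]:
    """Recover the hash bit from a leaked copy; None if the copy was altered
    some other way (retyped, reflowed) and so carries no usable information."""
    if leaked == original:
        return 0
    if leaked == apply_mark(original):
        return 1
    return None


def narrow_suspects(original: str, leaked: str, candidates: Iterable[str]) -> Set[str]:
    """Keep only the readers whose hash bit matches the leaked copy."""
    bit = observed_bit(original, leaked)
    if bit is None:
        return set(candidates)
    return {u for u in candidates if user_bit(u, original) == bit}


def trace(leaks: Iterable[Tuple[str, str]], candidates: Iterable[str]) -> Set[str]:
    """Apply narrow_suspects across several (original, leaked) pairs."""
    suspects = set(candidates)
    for original, leaked in leaks:
        suspects = narrow_suspects(original, leaked, suspects)
    return suspects


# Constructed sample data: eight readers and a handful of short memos.
READERS = [f"user{n:02d}" for n in range(8)]
MEMOS = [
    "Memo 1: quarterly budget review moved to Thursday.",
    "Memo 2: badge readers on floor 3 replaced next week.",
    "Memo 3: VPN certificates expire at month end.",
    "Memo 4: travel approvals now require two signatures.",
    "Memo 5: printer queue on floor 2 retired.",
    "Memo 6: new visitor policy effective immediately.",
]


def demo(leaker: str = "user05") -> Set[str]:
    """Simulate one reader leaking every memo, then trace the leaks back."""
    leaks = [(memo, personalize(memo, leaker)) for memo in MEMOS]
    return trace(leaks, READERS)


if __name__ == "__main__":
    print("suspects after six leaks:", sorted(demo()))
```

Two properties follow directly from the design and are worth keeping in mind before deploying anything like it: narrowing a pool of N readers to one person needs about log2(N) leaked documents, which is exactly the objection raised in the reply below, and a leaker who retypes or reflows the text destroys the mark, which `observed_bit` reports as None rather than guessing.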

But you would have to let leaks slip through while you tried to track down the leaker. Yes, it is guaranteed to work, but I imagine any higher up in the government would freak if you said "well see you have to just let x number of leaks go so that you can find the person leaking".

This is sad to hear. The government reserves the right to spy on literally everybody, but will not permit itself to be observed. Who does watch the watchers, anyway?

Like all institutions, the government is concerned mainly with perpetuating its own existence. And since the general public equates the government's existence with their security and their own existence, they tolerate all kinds of wrong deeds and imbalances of power like this.

Yeah, I know, it's an oxymoron. Sadly never more than today. Our government has too many secrets. Too many bodies buried. Too many skeletons in the closet. The secrets it's keeping are not in your best interest, or they'd share them with you. No, the only way to keep government in check is with transparency. When an employee of the government sees gross negligence, naked aggression, illegal activities, or profound betrayals of the Constitution or the American People, they are honor bound to make that informa

I feel obliged to note that on most of the systems likely to have this sort of thing attached, encryption is nearly the default setting for e-mail, and is basically never considered a bad thing. This program isn't about e-mails and outbound comms so much as it is about what you access internally, and media writes etc.

I am a federal contractor and we're required to encrypt attachments that contain 'sensitive' information. (Which isn't to say 'classified' since that's not supposed to get tossed around in the first place.) If this were rolled out in the agency I work with, everybody and their dog would be setting off this 'alarm' every hour of every day.

Use a VGA/DVI interception hardware device to save to external storage. People will be stuck thinking in the box so you'll have no problems whatsoever as long as you don't save or move any data "in-system".

Please don't forget to mention how SureView is awesome and ensures 100% data security while at it, to keep the blinders on.

HDCP could be used to prevent this, although there are a few inline HDCP interception devices on the market. If they can monitor for the disconnection of the encrypted data stream they could prevent these from being hooked up, unless the device is turned off first, and I'd assume that any newly booted devices would have to be manually confirmed by an administrator before being allowed access to prevent such attacks.
